
RAT Infection, Seems Very Advanced, Requesting Help



Over the past 5 days I have spent several hours each day attempting to remove a RAT from my desktop system, and I've had no luck at all. I've run SO many scans with multiple different antivirus programs across the board, and none of them end up finding anything. I've also checked my registry/msconfig to see what is run on startup, and I can't find anything suspicious. I'm also looking through my processes in Task Manager and looking at the file paths for the processes, and I don't see anything suspicious there either. I'm normally pretty knowledgeable and able to remove viruses pretty easily, but this one is just kicking my butt right now. I just have no idea how to get rid of it because I can't even find anything suspicious in my %appdata% folder or anything, and none of the scans that I'm running are picking the virus up.

List of scans that I've run within the past 24 hours:

Spybot S&D

Malwarebytes (Full scan)

Microsoft Sec. Essentials (Full scan)

TDSSKiller (Malware removal by Kaspersky)

SuperAntiSpyware (Full scan)

...and none of them were able to find anything important.

PLEASE help me remove this virus. I know formatting my system would be the safest way, but at this time I just can't afford to do that because I have no way of backing up my files.


  • Staff

Hi and welcome to Malwarebytes.

I don't believe you fully understand the scope of having a RAT:

A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

External hard drives, or even large flash drives are very cheap, and you would be able to back up your important data onto there.

Let me know what you decide.


I would like to go ahead and take the steps of removing the trojan itself. I understand that my PC is likely compromised, but at this time it's just not possible for me to format my system (I need a lot of space to back up necessary files, so I'll have to look into purchasing a large external drive for this). If you are available, please assist me in the removal process of the trojan, and thank you for sharing the information in those 2 links; I found them very helpful.


Okay.

In that case, I'll see what I can do.

In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.

Next, run DDS again and post DDS.txt in your reply.

Thank you for your help.

Updated MBAM, here's the log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.07.03.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Paul :: COCAIN-PC [administrator]

Protection: Enabled

7/3/2012 3:15:17 PM

mbam-log-2012-07-03 (15-15-17).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 257253

Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Paul at 15:18:31 on 2012-07-03

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12256.5502 [GMT -4:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe

C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe

C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe

C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe

C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

C:\Program Files (x86)\MSI\Live Update 5\LU5.exe

C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\No-IP\DUC30.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe

C:\Program Files (x86)\Java\jre7\bin\java.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\java.exe

C:\Users\Paul\Desktop\HijackThis.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe

C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.71\deploy\LoLLauncher.exe

C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.158\deploy\LolClient.exe

C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.0.162\deploy\League of Legends.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"

mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll

Trusted Zone: com\www.msi

Trusted Zone: com.tw\asia.msi

Trusted Zone: com.tw\global.msi

DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{007F96AF-EC69-4BDE-A2A1-C527C3704D9C} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"

mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe

mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7ubuurk3.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111208&q=

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4

FF - user.js: nglayout.initialpaint.delay - 600

FF - user.js: content.notify.interval - 600000

FF - user.js: content.max.tokenizing.time - 1800000

FF - user.js: content.switch.threshold - 600000

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 4eddbc4300000000000000ff265c9e01

FF - user.js: extensions.BabylonToolbar_i.hardId - 4eddbc4300000000000000ff265c9e01

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:20:05

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R1 AntiLog32;AntiLog32;\??\C:\Windows\system32\drivers\AntiLog64.sys --> C:\Windows\system32\drivers\AntiLog64.sys [?]

R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 DJM-900nexus_AutoSetup;DJM-900nexus_AutoSetup;C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [2011-7-20 57344]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]

R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]

R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]

R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]

R3 DJM-900nexusAudio;DJM-900nexus WDM Audio;C:\Windows\system32\drivers\DJM-900nexusAudio64.sys --> C:\Windows\system32\drivers\DJM-900nexusAudio64.sys [?]

R3 kx1avs;Traktor Kontrol X1 Midi;C:\Windows\system32\Drivers\kx1avs.sys --> C:\Windows\system32\Drivers\kx1avs.sys [?]

R3 kx1usb_svc;Traktor Kontrol X1;C:\Windows\system32\Drivers\kx1usb.sys --> C:\Windows\system32\Drivers\kx1usb.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-5-19 14136]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]

R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-5-31 166576]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 AntiVirFirewallService;Avira FireWall;"C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [?]

S2 AntiVirMailService;Avira Mail Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [?]

S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]

S2 AntiVirService;Avira Realtime Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?]

S2 AntiVirWebService;Avira Web Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]

S2 WdiSystemHost32;Diagnostic System Host ;C:\Windows\system32\iprtrmgr32.exe --> C:\Windows\system32\iprtrmgr32.exe [?]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-5-20 2428968]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-11-2 130976]

S3 gbxavs;Maschine Midi;C:\Windows\system32\Drivers\gbxavs.sys --> C:\Windows\system32\Drivers\gbxavs.sys [?]

S3 gbxusb_svc;Maschine Controller;C:\Windows\system32\Drivers\gbxusb.sys --> C:\Windows\system32\Drivers\gbxusb.sys [?]

S3 kx1avs_x64;kx1avs_x64;C:\Windows\system32\Drivers\kx1avs_x64.sys --> C:\Windows\system32\Drivers\kx1avs_x64.sys [?]

S3 kx1usb_x64;kx1usb_x64;C:\Windows\system32\Drivers\kx1usb_x64.sys --> C:\Windows\system32\Drivers\kx1usb_x64.sys [?]

S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2011-5-19 14136]

S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7681v1C0\NTIOLib_X64.sys [2011-1-6 11888]

S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-07-03 17:30:18 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C3E0302-C8A9-44C2-85B4-320B85694EB1}\gapaengine.dll

2012-07-03 17:30:10 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{822B7FE4-9DCD-4F6A-9D4E-6B0AA8127A45}\mpengine.dll

2012-07-03 09:22:12 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-07-01 20:50:26 -------- d-----w- C:\Users\Paul\.moparscape4

2012-07-01 17:17:58 -------- d-----w- C:\Users\Paul\AppData\Local\Zemana

2012-07-01 17:17:54 -------- dc-h--w- C:\ProgramData\{455ED70D-6783-4CF7-AEE7-9D8AB17338F0}

2012-07-01 07:03:35 -------- d-----w- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com

2012-07-01 07:03:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-07-01 07:03:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-06-30 20:13:49 -------- d-----w- C:\ProgramData\TinyWall

2012-06-30 17:11:24 -------- d-----w- C:\_OTL

2012-06-30 15:59:20 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-06-30 15:29:14 -------- d-----w- C:\ProgramData\CPA_VA

2012-06-30 15:26:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2012-06-30 15:24:19 -------- d-----w- C:\ProgramData\Comodo

2012-06-29 09:06:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 09:06:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-28 18:10:27 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-28 18:10:07 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-26 08:25:34 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2012-06-25 00:50:43 -------- d-----w- C:\Users\Paul\AppData\Local\{15080E72-6D30-4128-809F-E23247D4D088}

2012-06-25 00:50:26 -------- d-----w- C:\Users\Paul\AppData\Local\{23BBD976-9960-4665-B809-98F4A82F4403}

2012-06-23 17:52:52 -------- d-----w- C:\Users\Paul\AppData\Roaming\iZotope

2012-06-23 17:51:32 -------- d-----w- C:\Program Files (x86)\iZotope

2012-06-23 17:51:22 -------- d-----w- C:\Program Files\Common Files\VST3

2012-06-23 05:31:54 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-23 05:31:54 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-23 05:31:54 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-23 05:31:54 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-23 05:31:54 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-06-23 05:31:54 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-06-23 05:31:54 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-23 05:24:00 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-06-22 07:33:58 -------- d-----w- C:\Users\Paul\AppData\Local\{545F3C72-C14D-4310-95E3-47E5E0F24441}

2012-06-20 02:23:08 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins

2012-06-19 19:19:03 -------- d-----w- C:\Program Files (x86)\Origin Games

2012-06-19 19:19:02 -------- d-----w- C:\Users\Paul\AppData\Local\Origin

2012-06-19 19:18:12 -------- d-----w- C:\Program Files (x86)\Origin

2012-06-19 07:31:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-19 07:30:50 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-19 07:30:34 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-19 07:30:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-19 06:22:10 -------- d-----w- C:\Users\Paul\AppData\Local\{F6CBE268-6497-45C8-A374-440009C65C62}

2012-06-17 21:03:38 -------- d-----w- C:\Users\Paul\AppData\Local\{E7C7BE11-69BD-4C56-8EFA-B53D927571F4}

2012-06-17 05:24:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-17 05:24:48 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-14 03:55:39 -------- d-----w- C:\Users\Paul\AppData\Local\{14DF7E45-2B05-4575-8E41-305643BA1C65}

2012-06-14 03:55:27 -------- d-----w- C:\Users\Paul\AppData\Local\{D3693436-ADE1-40EB-A0FA-4B959E0FC528}

2012-06-14 02:02:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-06-14 02:02:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-06-14 02:02:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-06-14 02:02:05 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-06-14 02:02:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-06-14 02:02:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-06-14 02:02:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-06-14 02:02:01 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-06-14 02:02:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-06-14 02:01:59 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-06-14 02:01:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-06-14 02:01:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-06-14 02:01:55 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-06-14 02:01:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-06-14 02:01:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-06-14 02:01:55 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-06-14 02:01:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-06-12 18:17:43 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2AEBE2BB-749B-40B5-B048-BD09239ED3BE}\gapaengine.dll

.

==================== Find3M ====================

.

2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-23 01:45:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-06-20 02:31:13 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2010-08-03 16:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll

2010-08-03 16:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll

.

============= FINISH: 15:19:00.45 ===============


I forgot to include this information in my original post, but here is some more information that I'm sure might help in the removal of the virus. I'm also not sure exactly when I got the virus, but I believe it could have been up to a month ago.

The only thing I've been experiencing that tipped me off that I had a virus is that my mouse/keyboard will randomly start being controlled (this happens at random times; the first time it occurred, it didn't happen again for a week or more after that, so I assumed it was just my mouse acting weird. This is also the reason I am assuming that it is a RAT, because I thought that was the only type of virus that can actually control your system like that), as well as my Firefox attempting to be closed (I don't believe whoever is controlling my system has access to kill my processes, because he was just trying to click the X, which was stopped by the window that pops up asking if you would like to close all of the tabs or whatever). Nothing else weird has been happening, and as far as I can tell, none of my online accounts have been compromised, but I definitely will be using my laptop for all banking/payments/serious information that I need to deal with from this point on.

*I was typing this as you posted about ComboFix, so I'm about to read the instructions and then run it.


Thanks for the updated information.

Does the behavior persist? More specifically, does it stop when you're not connected to the Internet?

The problem is that it happens at such random times, and usually only lasts a few seconds. Sometimes I'm just browsing YouTube, and he'll start scrolling my page and highlighting text (as if the mouse button were held down). I've also had him log me off of my user account once and then log me back on. For this reason, it's hard for me to test whether it still happens when I'm not connected to the Internet, but I'll try to disconnect quickly if I notice it happening again to see what happens.

I am currently running ComboFix.


Here's the ComboFix log:

ComboFix 12-07-02.01 - Paul 07/03/2012  16:48:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12256.8729 [GMT -4:00]
Running from: c:\users\Paul\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\adobe_pdf_icon.ico
c:\programdata\Icon_1.ico
c:\programdata\icon18.ico
c:\users\Paul\AppData\Roaming\RSBuddy_supa sord .ini
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\RazorDOX
c:\windows\RazorDOX\RazorDOX.dll
c:\windows\SysWow64\logs
c:\windows\SysWow64\logs\Game - R3d Logs\2012-02-25_16-11-06_r3dlog.txt
c:\windows\SysWow64\setup.ini
c:\windows\SysWow64\tmp43EA.tmp
c:\windows\SysWow64\tmp8343.tmp
c:\windows\SysWow64\tmp8344.tmp
c:\windows\SysWow64\tmpC80F.tmp
c:\windows\SysWow64\tmpC89D.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-03 to 2012-07-03 )))))))))))))))))))))))))))))))
.
.
2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\UpdatusUser.COCAIN-PC\AppData\Local\temp
2012-07-03 20:53 . 2012-07-03 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-01 20:50 . 2012-07-01 20:51 -------- d-----w- c:\users\Paul\.moparscape4
2012-07-01 17:17 . 2012-07-01 17:17 -------- d-----w- c:\users\Paul\AppData\Local\Zemana
2012-07-01 17:17 . 2012-07-01 17:17 132408 ----a-w- c:\windows\system32\drivers\AntiLog64.sys
2012-07-01 17:17 . 2012-07-01 17:17 -------- dc-h--w- c:\programdata\{455ED70D-6783-4CF7-AEE7-9D8AB17338F0}
2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-07-01 07:03 . 2012-07-01 07:03 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-06-30 20:13 . 2012-06-30 21:16 -------- d-----w- c:\programdata\TinyWall
2012-06-30 17:11 . 2012-06-30 17:11 -------- d-----w- C:\_OTL
2012-06-30 15:59 . 2012-06-30 15:59 -------- d-----w- c:\program files (x86)\Trend Micro
2012-06-30 15:29 . 2012-06-30 15:29 -------- d-----w- c:\programdata\CPA_VA
2012-06-30 15:26 . 2012-06-30 21:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-06-30 15:24 . 2012-06-30 21:45 -------- d-----w- c:\programdata\Comodo
2012-06-29 09:06 . 2012-06-29 09:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-29 09:06 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-28 18:10 . 2012-06-28 18:10 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-28 18:10 . 2012-06-28 18:10 -------- d-----w- c:\program files (x86)\Oracle
2012-06-28 18:10 . 2012-05-04 23:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-28 18:09 . 2012-06-28 18:09 -------- d-----w- c:\programdata\McAfee
2012-06-26 08:25 . 2012-06-26 08:25 -------- d-----w- c:\program files\Common Files\Bitdefender
2012-06-23 17:52 . 2012-06-23 17:53 -------- d-----w- c:\users\Paul\AppData\Roaming\iZotope
2012-06-23 17:51 . 2012-06-23 17:51 -------- d-----w- c:\program files (x86)\iZotope
2012-06-23 17:51 . 2012-06-23 17:51 -------- d-----w- c:\program files\Common Files\VST3
2012-06-23 05:31 . 2012-02-10 03:14 6074176 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-23 05:31 . 2012-02-10 03:14 3089728 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-23 05:31 . 2012-02-10 03:07 2561856 ----a-w- c:\windows\system32\nvsvcr.dll
2012-06-23 05:31 . 2012-02-10 03:07 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-23 05:31 . 2012-02-10 03:07 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-23 05:31 . 2012-02-10 03:07 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-23 05:31 . 2012-02-10 03:05 2497985 ----a-w- c:\windows\system32\nvcoproc.bin
2012-06-23 05:24 . 2012-06-23 05:24 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-06-23 04:57 . 2012-06-23 05:22 -------- d-----w- c:\programdata\NVIDIA
2012-06-20 02:23 . 2012-06-20 02:23 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-06-19 19:19 . 2012-06-19 19:19 -------- d-----w- c:\program files (x86)\Origin Games
2012-06-19 19:19 . 2012-06-19 19:19 -------- d-----w- c:\users\Paul\AppData\Local\Origin
2012-06-19 19:18 . 2012-06-19 19:18 -------- d-----w- c:\program files (x86)\Origin
2012-06-19 07:31 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 07:31 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 07:31 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 07:31 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 07:30 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 07:30 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 07:30 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 07:30 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 07:30 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-17 05:24 . 2012-06-17 05:24 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-17 05:24 . 2012-06-17 05:24 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-14 02:02 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-14 02:02 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-14 02:02 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-14 02:02 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-14 02:02 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-14 02:02 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:02 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-14 02:02 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-14 02:02 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-14 02:01 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-14 02:01 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-14 02:01 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-14 02:01 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-14 02:01 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-14 02:01 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-14 02:01 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-14 02:01 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 20:40 . 2011-10-07 17:42 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E5CF841-18CA-466A-8373-A120CFFB0E16}\offreg.dll
2012-06-23 01:45 . 2011-05-20 04:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-23 01:45 . 2011-05-20 04:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-23 01:45 . 2011-05-20 04:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-06-20 02:31 . 2011-05-20 04:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-04 23:29 . 2011-05-19 23:45 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-28 03:33 . 2012-04-28 03:33 225280 ----atw- c:\users\Paul\AppData\Roaming\Microsoft\AdjMmsVista.dll
2012-04-17 21:18 . 2012-04-17 21:18 140664 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}\ShortcutUpdater_B4EEAB5A25624B9CB01E300A7199EE30.exe
2012-04-17 21:18 . 2012-04-17 21:18 140664 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{6CDC43A5-83FD-42F2-A6C1-92BEC6A0698E}\ARPPRODUCTICON.exe
2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\RazerZoneWebsite_51B2803B39F24EC28AFA6EFC67070FD2.exe
2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\NewShortcut2_E032CCCB26C04AAEA5D133D9643D20E8.exe
2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\BWConfig_14BFF80D8D994A26B6FD51288576B324.exe
2012-04-17 21:16 . 2012-04-17 21:16 136568 ----a-r- c:\users\Paul\AppData\Roaming\Microsoft\Installer\{E3AC9740-66D4-412F-AE55-DD0428F78175}\ARPPRODUCTICON.exe
2010-08-03 16:11 819200 --sha-w- c:\windows\SysWOW64\xvidcore.dll
2010-08-03 16:11 180224 --sha-w- c:\windows\SysWOW64\xvidvfw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-06-05 17344176]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-05-31 694032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Lycosa"="c:\program files (x86)\Razer\Razer Lycosa\razerhid.exe" [2011-03-22 233984]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-10-11 1833488]
"Razer Blackwidow Driver"="c:\program files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe" [2011-05-16 887712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
sidebar.lnk - c:\program files (x86)\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Super-Charger"=c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 AntiVirFirewallService;Avira FireWall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [x]
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [x]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R2 WdiSystemHost32;Diagnostic System Host ;c:\windows\system32\iprtrmgr32.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Paul\AppData\Local\Temp\ALSysIO64.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-03-01 130976]
R3 gbxavs;Maschine Midi;c:\windows\system32\Drivers\gbxavs.sys [2010-10-20 353360]
R3 gbxusb_svc;Maschine Controller;c:\windows\system32\Drivers\gbxusb.sys [2010-10-20 68688]
R3 kx1avs_x64;kx1avs_x64;c:\windows\system32\Drivers\kx1avs_x64.sys [2009-12-07 45136]
R3 kx1usb_x64;kx1usb_x64;c:\windows\system32\Drivers\kx1usb_x64.sys [2009-12-07 300624]
R3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2010-09-08 28928]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-20 113120]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2010-07-12 14136]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7681v1C0\NTIOLib_X64.sys [2011-01-06 11888]
R3 NTIOLib_1_0_8;NTIOLib_1_0_8;c:\progra~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-01-27 11888]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [2010-04-10 50720]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-21 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys [2012-07-01 132408]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-09-16 139512]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-09-16 27760]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 DJM-900nexus_AutoSetup;DJM-900nexus_AutoSetup;c:\program files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [2010-12-29 57344]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2009-07-20 27136]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-09-16 113768]
S3 DJM-900nexusAudio;DJM-900nexus WDM Audio;c:\windows\system32\drivers\DJM-900nexusAudio64.sys [2011-05-23 48768]
S3 kx1avs;Traktor Kontrol X1 Midi;c:\windows\system32\Drivers\kx1avs.sys [2010-10-20 353360]
S3 kx1usb_svc;Traktor Kontrol X1;c:\windows\system32\Drivers\kx1usb.sys [2010-10-20 70736]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\progra~1\MSI\MSIWDev\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-11-11 155752]
S3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-01-06 676864]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [2011-05-12 154624]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-02-10 11856]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 16889306
*NewlyCreated* - 83895251
*NewlyCreated* - NTIOLIB_1_0_1
*Deregistered* - 16889306
*Deregistered* - 83895251
*Deregistered* - NTIOLib_1_0_1
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816576451-940877209-2385228107-1000Core.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 01:20]
.
2012-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1816576451-940877209-2385228107-1000UA.job
- c:\users\Paul\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 01:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Paul\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-04 6602856]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7ubuurk3.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111208&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 4eddbc4300000000000000ff265c9e01
FF - user.js: extensions.BabylonToolbar_i.hardId - 4eddbc4300000000000000ff265c9e01
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:20
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1816576451-940877209-2385228107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1816576451-940877209-2385228107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-03 16:55:39
ComboFix-quarantined-files.txt 2012-07-03 20:55
ComboFix2.txt 2012-06-30 17:48
.
Pre-Run: 141,785,038,848 bytes free
Post-Run: 141,331,976,192 bytes free
.
- - End Of File - - F50B745665131A948E8A0E6C8804892A

And here's the new DDS log:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Paul at 16:59:55 on 2012-07-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12256.8125 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\MSI Afterburner\Bundle\OSDServer\RTSS.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\java.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre7\bin\java.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
mRun: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Paul\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Paul\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\sidebar.lnk - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: com\www.msi
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{007F96AF-EC69-4BDE-A2A1-C527C3704D9C} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Lycosa] "C:\Program Files (x86)\Razer\Razer Lycosa\razerhid.exe"
mRun-x64: [Razer Naga Driver] C:\Program Files (x86)\Razer\Naga\RazerNagaSysTray.exe
mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
mRun-x64: [Razer Blackwidow Driver] C:\Program Files (x86)\Razer\BlackWidow Ultimate\BlackWidowUltimateTray.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\7ubuurk3.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z131&form=ZGAADF&install_date=20111208&q=
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Paul\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101641
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 4eddbc4300000000000000ff265c9e01
FF - user.js: extensions.BabylonToolbar_i.hardId - 4eddbc4300000000000000ff265c9e01
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15392
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.171:20:05
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys --> C:\Windows\system32\DRIVERS\avfwot.sys [?]
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DJM-900nexus_AutoSetup;DJM-900nexus_AutoSetup;C:\Program Files (x86)\Pioneer\DJM-900nexus\DJM-900nexus_AutoSetup.exe [2011-7-20 57344]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-29 654408]
R2 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-4-7 5352960]
R2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-7-9 2932224]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-3-19 2666880]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-8 2028864]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys --> C:\Windows\system32\DRIVERS\avfwim.sys [?]
R3 DJM-900nexusAudio;DJM-900nexus WDM Audio;C:\Windows\system32\drivers\DJM-900nexusAudio64.sys --> C:\Windows\system32\drivers\DJM-900nexusAudio64.sys [?]
R3 kx1avs;Traktor Kontrol X1 Midi;C:\Windows\system32\Drivers\kx1avs.sys --> C:\Windows\system32\Drivers\kx1avs.sys [?]
R3 kx1usb_svc;Traktor Kontrol X1;C:\Windows\system32\Drivers\kx1usb.sys --> C:\Windows\system32\Drivers\kx1usb.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\PROGRA~1\MSI\MSIWDev\msibios64_100507.sys [2010-5-10 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-5-19 14136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2010-5-26 14648]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
R3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-5-31 166576]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-2-10 11856]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 AntiVirFirewallService;Avira FireWall;"C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [?]
S2 AntiVirMailService;Avira Mail Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [?]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 AntiVirService;Avira Realtime Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" --> C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [?]
S2 AntiVirWebService;Avira Web Protection;"C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" --> C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-5 160944]
S2 WdiSystemHost32;Diagnostic System Host ;C:\Windows\system32\iprtrmgr32.exe --> C:\Windows\system32\iprtrmgr32.exe [?]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-5-20 2428968]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-11-2 130976]
S3 gbxavs;Maschine Midi;C:\Windows\system32\Drivers\gbxavs.sys --> C:\Windows\system32\Drivers\gbxavs.sys [?]
S3 gbxusb_svc;Maschine Controller;C:\Windows\system32\Drivers\gbxusb.sys --> C:\Windows\system32\Drivers\gbxusb.sys [?]
S3 kx1avs_x64;kx1avs_x64;C:\Windows\system32\Drivers\kx1avs_x64.sys --> C:\Windows\system32\Drivers\kx1avs_x64.sys [?]
S3 kx1usb_x64;kx1usb_x64;C:\Windows\system32\Drivers\kx1usb_x64.sys --> C:\Windows\system32\Drivers\kx1usb_x64.sys [?]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys --> C:\Windows\system32\drivers\Lycosa.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [2011-5-19 14136]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7681v1C0\NTIOLib_X64.sys [2011-1-6 11888]
S3 NTIOLib_1_0_8;NTIOLib_1_0_8;C:\PROGRA~1\MSI\MSIWDev\NTIOLib_X64.sys [2011-1-27 11888]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtTeam60.sys --> C:\Windows\system32\DRIVERS\RtTeam60.sys [?]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-01 20:50:26 -------- d-----w- C:\Users\Paul\.moparscape4
2012-07-01 17:17:58 -------- d-----w- C:\Users\Paul\AppData\Local\Zemana
2012-07-01 17:17:54 -------- dc-h--w- C:\ProgramData\{455ED70D-6783-4CF7-AEE7-9D8AB17338F0}
2012-07-01 07:03:35 -------- d-----w- C:\Users\Paul\AppData\Roaming\SUPERAntiSpyware.com
2012-07-01 07:03:30 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-01 07:03:30 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-30 20:13:49 -------- d-----w- C:\ProgramData\TinyWall
2012-06-30 17:11:24 -------- d-----w- C:\_OTL
2012-06-30 15:59:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-06-30 15:29:14 -------- d-----w- C:\ProgramData\CPA_VA
2012-06-30 15:26:09 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-06-30 15:24:19 -------- d-----w- C:\ProgramData\Comodo
2012-06-29 09:06:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 09:06:44 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-28 18:10:27 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-28 18:10:07 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-06-26 08:25:34 -------- d-----w- C:\Program Files\Common Files\Bitdefender
2012-06-25 00:50:43 -------- d-----w- C:\Users\Paul\AppData\Local\{15080E72-6D30-4128-809F-E23247D4D088}
2012-06-25 00:50:26 -------- d-----w- C:\Users\Paul\AppData\Local\{23BBD976-9960-4665-B809-98F4A82F4403}
2012-06-23 17:52:52 -------- d-----w- C:\Users\Paul\AppData\Roaming\iZotope
2012-06-23 17:51:32 -------- d-----w- C:\Program Files (x86)\iZotope
2012-06-23 17:51:22 -------- d-----w- C:\Program Files\Common Files\VST3
2012-06-23 05:31:54 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-23 05:31:54 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-23 05:31:54 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-23 05:31:54 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-23 05:31:54 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-06-23 05:31:54 2497985 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-06-23 05:31:54 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-23 05:24:00 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-22 07:33:58 -------- d-----w- C:\Users\Paul\AppData\Local\{545F3C72-C14D-4310-95E3-47E5E0F24441}
2012-06-20 02:23:08 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-06-19 19:19:03 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-06-19 19:19:02 -------- d-----w- C:\Users\Paul\AppData\Local\Origin
2012-06-19 19:18:12 -------- d-----w- C:\Program Files (x86)\Origin
2012-06-19 07:31:02 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-19 07:30:50 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-19 07:30:34 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-19 07:30:34 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-19 06:22:10 -------- d-----w- C:\Users\Paul\AppData\Local\{F6CBE268-6497-45C8-A374-440009C65C62}
2012-06-17 21:03:38 -------- d-----w- C:\Users\Paul\AppData\Local\{E7C7BE11-69BD-4C56-8EFA-B53D927571F4}
2012-06-17 05:24:48 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-17 05:24:48 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-14 03:55:39 -------- d-----w- C:\Users\Paul\AppData\Local\{14DF7E45-2B05-4575-8E41-305643BA1C65}
2012-06-14 03:55:27 -------- d-----w- C:\Users\Paul\AppData\Local\{D3693436-ADE1-40EB-A0FA-4B959E0FC528}
2012-06-14 02:02:11 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-14 02:02:11 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-14 02:02:11 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-14 02:02:05 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-14 02:02:03 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-14 02:02:02 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-14 02:02:02 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-14 02:02:01 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-14 02:02:00 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-14 02:01:59 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-14 02:01:59 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-14 02:01:55 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-14 02:01:55 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-14 02:01:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-14 02:01:55 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-14 02:01:55 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-14 02:01:54 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
==================== Find3M ====================
.
2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-23 01:45:58 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-23 01:45:48 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-06-20 02:31:13 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-08-03 16:11:16 819200 --sha-w- C:\Windows\SysWOW64\xvidcore.dll
2010-08-03 16:11:16 180224 --sha-w- C:\Windows\SysWOW64\xvidvfw.dll
.
============= FINISH: 17:00:10.61 ===============


  • Staff

Hi,

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


Thank you for sharing that TFC tool with me, it actually cleared up about 500 MB in temp files, so I'll definitely be using that in the future.

As far as the ESET scanner goes, no threats were found.

Security Check:

Results of screen317's Security Check version 0.99.42

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Microsoft Security Essentials Prerelease

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

VirusTotal Uploader 2.0

Malwarebytes Anti-Malware version 1.61.0.1400

TuneUp Utilities 2011

TuneUp Utilities Language Pack (en-US)

TuneUp Utilities 2011

JavaFX 2.1.1

Java 6 Update 30

Java 7 Update 5

Adobe Flash Player 10 Flash Player out of Date!

Mozilla Firefox (13.0.1)

Google Chrome 19.0.1084.56

Google Chrome 20.0.1132.47

````````Process Check: objlist.exe by Laurent````````

Microsoft Security Essentials MSMpEng.exe

Microsoft Security Essentials msseces.exe

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

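The Security Check log above is easier to act on if the lines that matter (an out-of-date plugin, several side-by-side versions of the same runtime, a prerelease antivirus build) are pulled out automatically. The script below is an added example, not part of this thread and not screen317's tool; it assumes the backtick-framed section headers and line layout seen in the posted checkup.txt, and the sample log it parses is constructed from that post.

```python
import re

# Constructed sample, modelled on the Security Check output posted in the thread.
SAMPLE_LOG = """Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials Prerelease
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
VirusTotal Uploader 2.0
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.1
Java 6 Update 30
Java 7 Update 5
Adobe Flash Player 10 Flash Player out of Date!
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
"""

# Section headers are framed by runs of backticks, with an optional trailing colon.
SECTION_RE = re.compile(r"^`+(.*?):?`+$")

# Product families where several installed versions usually mean an old,
# unpatched copy was left behind next to the current one (assumed patterns).
FAMILY_RE = [
    ("Java runtime", re.compile(r"^Java(?:\(TM\)|\u2122)? \d+ Update \d+")),
    ("Google Chrome", re.compile(r"^Google Chrome \d")),
    ("Adobe Flash Player", re.compile(r"^Adobe Flash Player \d")),
]


def parse_sections(text):
    """Split the log into {section name: [lines]}; lines before the first header go to 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(text):
    """Return a list of (finding kind, detail) tuples worth a second look."""
    sections = parse_sections(text)
    findings = []

    for line in sections.get("Antivirus/Firewall Check", []):
        if "Prerelease" in line:
            findings.append(("antivirus-prerelease", line))
        if "Disabled" in line:
            findings.append(("protection-disabled", line))

    utilities = sections.get("Anti-malware/Other Utilities Check", [])
    for line in utilities:
        # The tool itself marks stale software with this suffix.
        if "out of Date!" in line:
            findings.append(("out-of-date", line))

    for name, pattern in FAMILY_RE:
        hits = [line for line in utilities if pattern.match(line)]
        if len(hits) > 1:
            findings.append(("multiple-versions", f"{name}: {', '.join(hits)}"))

    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

Run against the sample it reports the stale Flash Player, the two Java releases, the two Chrome builds and the prerelease Security Essentials, which matches what the helper asked the poster to uninstall and update in the next reply. The "protection-disabled" branch is there for logs where the firewall or antivirus line reads "Disabled" rather than "Enabled!".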


Are you able to tell from any of these logs if the threat was removed? It's hard for me to tell since I never notice a difference until my keyboard/mouse/etc is being screwed with. Thank you very much for all of your help, and if you feel like I've done pretty much all I can besides formatting, I'm satisfied.


  • Staff

If you're not connected to the Internet then people can't control what you're doing. :)

It's likely a hardware issue. Try using a different keyboard and mouse.

Run TFC by OldTimer to clear temporary files:

  • Please download TFC from here and save it to your desktop.
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your Desktop or save it for later use for the cleaning of temporary files.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following programs (if present):

JavaFX 2.1.1

Java™ 6 Update 30

Java™ 7 Update 5

Adobe Flash Player 10

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Let me know what issues remain.

I went ahead and did all of this, but I am 100% sure that it isn't a hardware issue. They were controlling my actions when I was playing League of Legends yesterday, and they've typed to me in a random Notepad window that I had clicked on earlier this week. Could it somehow be someone on my home network or something?


I have some new information if anyone can still assist me (sorry for all of the reposts). Whatever is controlling my stuff is doing the same exact things every time, it just goes off at different times (most likely just a pre-written program made to screw around). It can't actually move my mouse cursor, it can only left/right click and scroll. This assures me that it is likely not a RAT.

Here is what the "program" does every time: It starts out by hitting the spacebar multiple times and pressing 'ctrl + v' to paste whatever I had copied about 12 times, then it tries to bookmark and download whatever webpage I'm on 3-4 times. It then proceeds to type "sol" and then hits backspace 3 times to erase the "sol"; after that I think it presses 'enter' once, then types "4chan." and continues to left/right click for a little while, and then stops until another random time.


  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
